This article walks through the specifics of configuring Inter-AS BGP Option B.
We start with the CE devices. The PE and ASBR routers emulate the provider network. This article does not cover IGP or BGP between the customer and the provider; for the example, the CE devices simply get static routes pointing at each other.
CE1 configuration:
interface GigabitEthernet0/0/0/0.2101
 ipv4 address 20.0.0.1 255.255.255.252 <<<<< Link toward PE1
 encapsulation dot1q 2101
router static
 address-family ipv4 unicast
  20.0.1.0/30 20.0.0.2
CE2 configuration:
interface GigabitEthernet0/0/0/0.2100
 ipv4 address 20.0.1.2 255.255.255.252 <<<<< Link toward PE2
 encapsulation dot1q 2100
router static
 address-family ipv4 unicast
  20.0.0.0/30 20.0.1.1
Next, configure IGP, BGP and MPLS on the PE and ASBR routers:
IGP, BGP and MPLS configuration on PE1:
interface tengigabitethernet 0/0/10.2101
  description to_CE1
  encapsulation outer-vid 2101
  ipv4 address 20.0.0.2/30
  vrf test
interface tengigabitethernet 0/0/2
  description to_ASBR1
  ipv4 address 10.0.0.5/30
vrf test
  export route-target 100:100
  import route-target 200:200 <<<<< Required to install the CE2 router's prefix into this vrf.
  rd 100:100
router ospfv2 1
  area 0.0.0.0
    interface loopback 1
    exit
    interface tengigabitethernet 0/0/2
      network point-to-point
    exit
  exit
  router-id 1.1.1.1
mpls
  forwarding
    interface loopback 1
    interface tengigabitethernet 0/0/2
  exit
  ldp
    discovery
      interface tengigabitethernet 0/0/2
      exit
    exit
    router-id 1.1.1.1
    transport-address 1.1.1.1
router bgp 100
  address-family vpnv4 unicast
  exit
  bgp router-id 1.1.1.1
  neighbor 2.2.2.2
    address-family vpnv4 unicast
    exit
    remote-as 100
    send-community
    send-community-ext
    update-source 1.1.1.1
IGP, BGP and MPLS configuration on ASBR1:
interface tengigabitethernet 0/0/1
  description to_PE1
  ipv4 address 10.0.0.6/30
interface tengigabitethernet 0/0/3
  description to_ASBR2
  ipv4 address 10.0.0.9/30
router ospfv2 1
  area 0.0.0.0
    interface loopback 1
    exit
    interface tengigabitethernet 0/0/1
      network point-to-point
    exit
  exit
  router-id 2.2.2.2
mpls
  forwarding
    interface loopback 1
    interface tengigabitethernet 0/0/1
    interface tengigabitethernet 0/0/3 <<<<< The link toward ASBR2 must be listed so that transport labels are allocated
  exit
  ldp
    discovery
      interface tengigabitethernet 0/0/1
      exit
    exit
    router-id 2.2.2.2
    transport-address 2.2.2.2
router bgp 100
  address-family vpnv4 unicast
    accept-nonexistent-rt-paths <<<<< Required to install all vpnv4 routes into the BGP RIB
  exit
  bgp router-id 2.2.2.2
  neighbor 1.1.1.1
    address-family vpnv4 unicast
      next-hop-self <<<<< Must be enabled because the PE will not know the next hop of the remote ASBR
    exit
    remote-as 100
    send-community
    send-community-ext
    update-source 2.2.2.2
  exit
  neighbor 10.0.0.10
    address-family vpnv4 unicast
    exit
    remote-as 200
    send-community
    send-community-ext
Important!
By default an ME router drops vpnv4 routes if it has no vrf with a matching import route-target. The accept-nonexistent-rt-paths option must therefore be enabled on the ASBRs so that every received vpnv4 route is installed into the BGP RIB. next-hop-self must also be enabled toward both PEs, because the PEs will not know the next hop of the remote ASBRs.
IGP, BGP and MPLS configuration on PE2:
interface tengigabitethernet 0/0/1.2100
  description to_CE2
  encapsulation outer-vid 2100
  ipv4 address 20.0.1.1/30
  vrf test
interface tengigabitethernet 0/0/3
  description to_ASBR2
  ipv4 address 10.0.0.14/30
vrf test
  export route-target 200:200
  import route-target 100:100 <<<<< Required to install the CE1 router's prefix into this vrf.
  rd 200:200
router ospfv2 1
  area 0.0.0.0
    interface loopback 1
    exit
    interface tengigabitethernet 0/0/3
      network point-to-point
    exit
  exit
  router-id 6.6.6.6
mpls
  forwarding
    interface loopback 1
    interface tengigabitethernet 0/0/3
  exit
  ldp
    discovery
      interface tengigabitethernet 0/0/3
      exit
    exit
    router-id 6.6.6.6
    transport-address 6.6.6.6
router bgp 200
  address-family vpnv4 unicast
  exit
  bgp router-id 6.6.6.6
  neighbor 3.3.3.3
    address-family vpnv4 unicast
    exit
    remote-as 200
    send-community
    send-community-ext
    update-source 6.6.6.6
IGP, BGP and MPLS configuration on ASBR2:
interface tengigabitethernet 0/0/6
  description to_PE2
  ipv4 address 10.0.0.13/30
interface tengigabitethernet 0/0/3
  description to_ASBR1
  ipv4 address 10.0.0.10/30
router ospfv2 1
  area 0.0.0.0
    interface loopback 1
    exit
    interface tengigabitethernet 0/0/6
      network point-to-point
    exit
  exit
  router-id 3.3.3.3
mpls
  forwarding
    interface loopback 1
    interface tengigabitethernet 0/0/3 <<<<< The link toward ASBR1 must be listed so that transport labels are allocated
    interface tengigabitethernet 0/0/6
  exit
  ldp
    discovery
      interface tengigabitethernet 0/0/6
      exit
    exit
    router-id 3.3.3.3
    transport-address 3.3.3.3
router bgp 200
  address-family vpnv4 unicast
    accept-nonexistent-rt-paths <<<<< Required to install all vpnv4 routes into the BGP RIB
  exit
  bgp router-id 3.3.3.3
  neighbor 10.0.0.9
    address-family vpnv4 unicast
    exit
    remote-as 100
    send-community
    send-community-ext
  exit
  neighbor 6.6.6.6
    address-family vpnv4 unicast
      next-hop-self <<<<< Must be enabled because the PE will not know the next hop of the remote ASBR
    exit
    remote-as 200
    send-community
    send-community-ext
    update-source 3.3.3.3
As an example, let's look at how labels are allocated for the CE1 route 20.0.0.0/30 on every router:
Label allocation on the routers for prefix 20.0.0.0/30
0/ME5100:PE1# show bgp vpnv4 unicast rd 100:100 20.0.0.0/30
Thu May 30 09:36:27 2024
BGP router identifier 1.1.1.1, local AS number 100
BGP routing table entry for 20.0.0.0/30
Path #0
AS path:
RD 100:100 (1.1.1.1), Source VRF:
Received/Local Label: -/16 <<<<< PE1 generated the vpnv4 route and will send it to ASBR1 with label 16
Origin incomplete, metric 0, local-pref 100, weight 32768, not-tracked, best
Address family: ipv4/vpn NLRI pathID: 0
Aggregator AS: 0, Address: 0.0.0.0, Atomic aggregate: absent
Extended Community: RT 100:100 (0.0.0.100)
Is not stale, is not history
Route flap penalty: 0, flap count 0, is not suppressed
Route flap time left: 00:00:00, time start: never
Route is not ECMP
Total entries: 1

0/ME5100:R2# show bgp vpnv4 unicast rd 100:100 20.0.0.0/30
Thu May 30 09:49:56 2024
BGP router identifier 2.2.2.2, local AS number 100
BGP routing table entry for 20.0.0.0/30
Path #0
AS path:
RD 100:100, 1.1.1.1 from 1.1.1.1 (1.1.1.1), Source VRF:
Received/Local Label: 16/22 <<<<< ASBR1 allocates a new label 22 for the vpnv4 route and sends it toward ASBR2
Origin incomplete, metric 0, local-pref 100, weight 0, not-tracked, internal, best
Address family: ipv4/vpn NLRI pathID: 0
Aggregator AS: 0, Address: 0.0.0.0, Atomic aggregate: absent
Extended Community: RT 100:100 (0.0.0.100)
Is not stale, is not history
Route flap penalty: 0, flap count 0, is not suppressed
Route flap time left: 00:00:00, time start: never
Route is not ECMP
Total entries: 1

0/ME5100:R3# show bgp vpnv4 unicast rd 100:100 20.0.0.0/30
Thu May 30 09:57:03 2024
BGP router identifier 3.3.3.3, local AS number 200
BGP routing table entry for 20.0.0.0/30
Path #0
AS path: 100
RD 100:100, 10.0.0.9 from 10.0.0.9 (2.2.2.2), Source VRF: <<<<< Note also that ASBR1 changed the route's next hop to itself
Received/Local Label: 22/25 <<<<< ASBR2 allocates a new label 25 for the vpnv4 route and sends it toward PE2
Origin incomplete, metric 0, local-pref 100, weight 0, not-tracked, external, best
Address family: ipv4/vpn NLRI pathID: 0
Aggregator AS: 0, Address: 0.0.0.0, Atomic aggregate: absent
Extended Community: RT 100:100 (0.0.0.100)
Is not stale, is not history
Route flap penalty: 0, flap count 0, is not suppressed
Route flap time left: 00:00:00, time start: never
Route is not ECMP
Total entries: 1

0/ME5200S:R6# show bgp vpnv4 unicast rd 100:100 20.0.0.0/30
Thu May 30 09:34:27 2024
BGP router identifier 6.6.6.6, local AS number 200
BGP routing table entry for 20.0.0.0/30
Path #0
AS path: 100
RD 100:100, 3.3.3.3 from 3.3.3.3 (3.3.3.3), Source VRF: test
Received/Local Label: 25/- <<<<< PE2 in turn strips the labels, and a plain IP packet goes toward CE2
Origin incomplete, metric 0, local-pref 100, weight 0, not-tracked, internal, best
Address family: ipv4/vpn NLRI pathID: 0
Aggregator AS: 0, Address: 0.0.0.0, Atomic aggregate: absent
Extended Community: RT 100:100 (0.0.0.100)
Is not stale, is not history
Route flap penalty: 0, flap count 0, is not suppressed
Route flap time left: 00:00:00, time start: never
Route is not ECMP
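Because accept-nonexistent-rt-paths makes each ASBR install every vpnv4 route it receives, it is worth checking both the label hand-off and the route targets actually seen along the path. The script below is an added example, not part of the original article or of the vendor's tooling: it parses the prompt, label and RT lines from the four outputs above and reports any hop where the local label does not match the next router's received label, or where the RT is outside an expected set. The function names and the allow-list are assumptions made for this illustration.

```python
import re

# Constructed sample: prompt, label and RT lines taken from the four
# "show bgp vpnv4 unicast" outputs above, in path order PE1 -> PE2.
SAMPLE = """\
0/ME5100:PE1# show bgp vpnv4 unicast rd 100:100 20.0.0.0/30
Received/Local Label: -/16
Extended Community: RT 100:100 (0.0.0.100)
0/ME5100:R2# show bgp vpnv4 unicast rd 100:100 20.0.0.0/30
Received/Local Label: 16/22
Extended Community: RT 100:100 (0.0.0.100)
0/ME5100:R3# show bgp vpnv4 unicast rd 100:100 20.0.0.0/30
Received/Local Label: 22/25
Extended Community: RT 100:100 (0.0.0.100)
0/ME5200S:R6# show bgp vpnv4 unicast rd 100:100 20.0.0.0/30
Received/Local Label: 25/-
Extended Community: RT 100:100 (0.0.0.100)
"""

PROMPT = re.compile(r"^\d+/\w+:(\w+)#\s*show bgp vpnv4", re.M)
LABELS = re.compile(r"Received/Local Label:\s*(\S+)/(\S+)")
RT = re.compile(r"Extended Community:\s*RT (\d+:\d+)")

def parse_hops(text):
    """Split the capture at each prompt; return (router, received, local, rt) per hop."""
    hops = []
    marks = list(PROMPT.finditer(text))
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        block = text[m.end():end]
        lab, rt = LABELS.search(block), RT.search(block)
        if lab is None:
            raise ValueError(f"no label line for {m.group(1)}")
        hops.append((m.group(1), lab.group(1), lab.group(2), rt.group(1) if rt else None))
    return hops

def audit(hops, allowed_rts):
    """Return findings: broken label hand-offs and RTs outside the allow-list."""
    findings = []
    for (a, _, a_local, _), (b, b_recv, _, _) in zip(hops, hops[1:]):
        if a_local != b_recv:
            findings.append(f"label break {a}->{b}: local {a_local} != received {b_recv}")
    for name, _, _, rt in hops:
        if rt not in allowed_rts:
            findings.append(f"{name}: unexpected RT {rt}")
    return findings

if __name__ == "__main__":
    print(audit(parse_hops(SAMPLE), {"100:100"}) or "label chain and RTs consistent")
```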
Now verify connectivity between the CE devices:
Connectivity check between the CEs:
RP/0/0/CPU0:CE1#show route
Thu May 30 07:00:56.532 UTC

Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
       U - per-user static route, o - ODR, L - local, G - DAGR, l - LISP
       A - access/subscriber, a - Application route
       M - mobile route, r - RPL, (!) - FRR Backup path

Gateway of last resort is not set

C    20.0.0.0/30 is directly connected, 02:54:07, GigabitEthernet0/0/0/0.2101
L    20.0.0.1/32 is directly connected, 02:54:07, GigabitEthernet0/0/0/0.2101
S    20.0.1.0/30 [1/0] via 20.0.0.2, 02:53:54

RP/0/0/CPU0:CE1#ping 20.0.1.2
Thu May 30 07:01:07.132 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.0.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

RP/0/0/CPU0:CE2#show route
Thu May 30 07:12:01.327 UTC

Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
       U - per-user static route, o - ODR, L - local, G - DAGR, l - LISP
       A - access/subscriber, a - Application route
       M - mobile route, r - RPL, (!) - FRR Backup path

Gateway of last resort is not set

S    20.0.0.0/30 [1/0] via 20.0.1.1, 02:54:13
C    20.0.1.0/30 is directly connected, 02:55:08, GigabitEthernet0/0/0/0.2100
L    20.0.1.2/32 is directly connected, 02:55:08, GigabitEthernet0/0/0/0.2100

RP/0/0/CPU0:CE2#ping 20.0.0.1
Thu May 30 07:12:11.626 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms